From Newsgroup: alt.privacy.anon-server
Gabx wrote:
Using "Post directly from the shell" (I didn't try neomutt yet),
the message-id is generated by the poster's machine, not the
server, which could compromise their anonymity.
True!
Client-side i have stripped Message-id before sent to force
server side generation.
Server side added "always_add_missing_headers = yes".
Message-id generated "hash@4ddr3ss.onion".
|oa va ?
Victor -*HCC*-
|oa ne va pas!
In a spirit of perfectionism and believing @address.onion to be relatable,
I made changes directly to the mail2news code to force its message-id.
Clients:
File: ~/.config/neomutt/m2n-prompt.sh
- I stripped Message-ID header before SMTP submission
- Forced server-side generation
- Prevents client hostname/timestamp leakage
SMTPD:
- /etc/postfix/header_checks (new file)
- /etc/postfix/main.cf added always_add_missing_headers = yes
header_checks content:
/^Message-ID:/ IGNORE
MAIL2NEWS:
// NEW: ALWAYS regenerate, ignore client's
randomBytes, _ := SecureRandom(8)
messageID := fmt.Sprintf("<%d.%s@%s>",
time.Now().Unix(),
strings.ToUpper(hex.EncodeToString(randomBytes)),
config.NNTP.MessageIDDomain)
Config change:
messageid: "domain.invalid"
Result format:
Good night !
--
Gabx
--- Synchronet 3.22a-Linux NewsLink 1.2